二进制部署k8s集群v1.23.9版本-10-安装kube-proxy组件
10.1、集群规划
| 主机名 | 角色 | IP |
|---|---|---|
| hfqg1-201 | kube-proxy | 192.168.1.201 |
| hfqg1-202 | kube-proxy | 192.168.1.202 |
| hfqg1-203 | kube-proxy | 192.168.1.203 |
10.2、生成证书
192.168.1.200服务器操作
cd /opt/certs
[root@hfqg1-200 certs]# cat kube-proxy-csr.json
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "beijing",
"L": "beijing",
"O": "system:masters",
"OU": "system"
}
]
}
生成证书
cfssl gencert
-ca=ca.pem
-ca-key=ca-key.pem
-config=ca-config.json
-profile=kubernetes
kube-proxy-csr.json | cfssl-json -bare kube-proxy
把生成的证书拷贝到201202、和203节点
scp kube-proxy.pem hfqg1-201:/opt/kubernetes/server/bin/certs/
scp kube-proxy.pem hfqg1-202:/opt/kubernetes/server/bin/certs/
scp kube-proxy*.pem hfqg1-203:/opt/kubernetes/server/bin/certs/
10.3、生成kubeconfig文件
192.168.1.201服务器操作
创建脚本
cd /opt/kubernetes/server/bin/k8s-shell/
[root@hfqg1-201 k8s-shell]# cat kube-proxy-config.sh
#!/bin/bash
KUBE_CONFIG="/opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig"
KUBE_APISERVER="https://192.168.1.196:8443"
kubectl config set-cluster kubernetes
--certificate-authority=/opt/kubernetes/server/bin/certs/ca.pem
--embed-certs=true
--server=${KUBE_APISERVER}
--kubeconfig=${KUBE_CONFIG}
kubectl config set-credentials kube-proxy
--client-certificate=/opt/kubernetes/server/bin/certs/kube-proxy.pem
--client-key=/opt/kubernetes/server/bin/certs/kube-proxy-key.pem
--embed-certs=true
--kubeconfig=${KUBE_CONFIG}
kubectl config set-context default
--cluster=kubernetes
--user=kube-proxy
--kubeconfig=${KUBE_CONFIG}
kubectl config use-context default --kubeconfig=$
执行脚本
chmod +x kube-proxy-config.sh
./kube-proxy-config.sh
把生成kubeconfig文件拷贝到202和203主机
scp /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig hfqg1-202:/opt/kubernetes/server/bin/conf/
scp /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig hfqg1-203:/opt/kubernetes/server/bin/conf/
10.4、加载ipvs模块
192.168.1.201服务器操作
cd /opt/kubernetes/server/bin/k8s-shell
[root@hfqg1-201 k8s-shell]# cat ipvs.sh
!/bin/bash
for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "[.]*");
do
echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;
done
执行脚本
chmod +x ipvs.sh
./ipvs.sh
lsmod | grep ip_vs
在202和203主机上同样操作。本处略。
10.5、创建kube-proxy启动脚本
192.168.1.201服务器操作
cd /opt/kubernetes/server/bin
[root@hfqg1-201 bin]# cat kube-proxy.sh
#!/bin/bash
WORK_DIR=$(dirname $(readlink -f $0))
[ $? -eq 0 ] && cd $WORK_DIR || exit
/opt/kubernetes/server/bin/kube-proxy
--v=2
--log-dir=/data/logs/kubernetes/kube-proxy
--config=/opt/kubernetes/server/bin/conf/kube-proxy-config.yml
创建目录、调整权限
mkdir -p /data/logs/kubernetes/kube-proxy
chmod +x kube-proxy.sh
配置参数文件
cd /opt/kubernetes/server/bin/conf
[root@hfqg1-201 conf]# cat kube-proxy-config.yml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
kubeconfig: /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig
hostnameOverride: hfqg1-201.host.com
clusterCIDR: 171.1.0.0/16
10.6、创建supervisor启动文件
[root@hfqg1-201 conf]# cat /etc/supervisord.d/kube-proxy.ini
[program:kube-proxy-1-201]
command=/opt/kubernetes/server/bin/kube-proxy.sh
numprocs=1
directory=/opt/kubernetes/server/bin
autostart=true
autorestart=true
startsecs=30
startretries=3
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
user=root
redirect_stderr=true
stdout_logfile=/data/logs/kubernetes/kube-proxy/proxy.stdout.log
stdout_logfile_maxbytes=64MB
stdout_logfile_backups=5
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
10.7、启动kube-proxy服务
supervisorctl update
supervisorctl status
10.8、其它节点部署kube-proxy
192.168.1.201服务器操作
把脚本、参数文件和supervisor启动文件拷贝到202和203主机
scp /opt/kubernetes/server/bin/kube-proxy.sh hfqg1-202:/opt/kubernetes/server/bin/
scp /opt/kubernetes/server/bin/kube-proxy.sh hfqg1-203:/opt/kubernetes/server/bin/
scp /opt/kubernetes/server/bin/conf/kube-proxy-config.yml hfqg1-202:/opt/kubernetes/server/bin/conf/
scp /opt/kubernetes/server/bin/conf/kube-proxy-config.yml hfqg1-203:/opt/kubernetes/server/bin/conf/
scp /etc/supervisord.d/kube-proxy.ini hfqg1-202:/etc/supervisord.d/
scp /etc/supervisord.d/kube-proxy.ini hfqg1-203:/etc/supervisord.d/
修改主机名、参数文件、创建目录、启动kube-proxy服务
202机器
cat /opt/kubernetes/server/bin/conf/kube-proxy-config.yml
cat /etc/supervisord.d/kube-proxy.ini
mkdir -p /data/logs/kubernetes/kube-proxy
supervisorctl update
supervisorctl status
203机器
cat /opt/kubernetes/server/bin/conf/kube-proxy-config.yml
cat /etc/supervisord.d/kube-proxy.ini
mkdir -p /data/logs/kubernetes/kube-proxy
supervisorctl update
supervisorctl status
至此,kube-proxy组件安装完成。
至此,kubernetes集群部署完成!!!
本文来自博客园,作者:霸都运维,转载请注明原文链接:https://www.cnblogs.com/wangjie20200529/p/16575179.html
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!